Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-3073

Published: 13/05/2015 Updated: 05/01/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Acrobat

Vulnerability Summary

Adobe Reader and Acrobat 10.x prior to 10.1.14 and 11.x prior to 11.0.11 on Windows and OS X allow malicious users to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe acrobat 11.0.2

adobe acrobat 11.0.1

adobe acrobat 11.0.0

adobe acrobat 10.1.13

adobe acrobat 11.0.6

adobe acrobat 11.0.4

adobe acrobat 10.1.11

adobe acrobat 10.1.9

adobe acrobat 10.1.4

adobe acrobat 10.1.2

adobe acrobat 10.1.0

adobe acrobat 11.0.10

adobe acrobat 11.0.9

adobe acrobat 11.0.8

adobe acrobat 11.0.7

adobe acrobat 10.1.8

adobe acrobat 10.1.7

adobe acrobat 10.1.6

adobe acrobat 10.1.5

adobe acrobat 11.0.5

adobe acrobat 11.0.3

adobe acrobat 10.1.12

adobe acrobat 10.1.10

adobe acrobat 10.1.3

adobe acrobat 10.1.1

apple mac_os_x

microsoft windows

adobe acrobat_reader 10.1.13

adobe acrobat_reader 10.1.12

adobe acrobat_reader 10.1.11

adobe acrobat_reader 10.1.10

adobe acrobat_reader 11.0.9

adobe acrobat_reader 11.0.2

adobe acrobat_reader 11.0.0

adobe acrobat_reader 10.1.9

adobe acrobat_reader 10.1.7

adobe acrobat_reader 10.1.5

adobe acrobat_reader 10.1.0

adobe acrobat_reader 11.0.7

adobe acrobat_reader 11.0.6

adobe acrobat_reader 11.0.5

adobe acrobat_reader 11.0.4

adobe acrobat_reader 10.1.4

adobe acrobat_reader 10.1.3

adobe acrobat_reader 10.1.2

adobe acrobat_reader 10.1.1

adobe acrobat_reader 11.0.10

adobe acrobat_reader 11.0.8

adobe acrobat_reader 11.0.3

adobe acrobat_reader 11.0.1

adobe acrobat_reader 10.1.8

adobe acrobat_reader 10.1.6

Exploits

Exploit DB: Adobe Acrobat Reader - AFParseDate JavaScript API Restrictions Bypass
# Title: Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability # Date: 09/28/2015 # Author: Reigning Shells, based off PoC published by Zero Day Initiative # Vendor Homepage: adobecom # Version: Adobe Reader and Acrobat 10x before 10114 and 11x before 11011 on Windows and OS X are vulnerable # Tested on: Adobe Ac ...

Github Repositories

https://github.com/reigningshells/CVE-2015-3073

CVE-2015-3073 PoC

CVE-2015-3073 This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file The specific flaw exists within AFParseDate By creating a specially crafted PDF with specific JavaScript instructions,

References

CWE-284https://helpx.adobe.com/security/products/reader/apsb15-10.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-15-197https://www.exploit-db.com/exploits/38344/http://www.securitytracker.com/id/1032284http://www.securityfocus.com/bid/74604https://nvd.nist.govhttps://github.com/reigningshells/CVE-2015-3073https://www.exploit-db.com/exploits/38344/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook